Security update for libtasn1

Announcement ID: SUSE-SU-2018:0295-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2018-6003 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-6003 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-6003 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2
  • SUSE Linux Enterprise Workstation Extension 12 SP2

An update that solves one vulnerability can now be installed.

Description:

This update for libtasn1 fixes one issue.

This security issue was fixed:

  • CVE-2018-6003: Prevent a stack exhaustion in _asn1_decode_simple_ber (lib/decoding.c) when decoding BER encoded structure allowed for DoS (bsc#1076832).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
    zypper in -t patch SUSE-SLE-BSK-12-SP2-2018-295=1
  • SUSE Linux Enterprise Desktop 12 SP2
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-295=1
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-295=1
  • SUSE Linux Enterprise Workstation Extension 12 SP2
    zypper in -t patch SUSE-SLE-WE-12-SP2-2018-295=1

Package List:

  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 (x86_64)
    • libreoffice-sdk-debuginfo-5.4.5.1-40.24.1
    • libreoffice-debugsource-5.4.5.1-40.24.1
    • libreoffice-debuginfo-5.4.5.1-40.24.1
    • libreoffice-sdk-5.4.5.1-40.24.1
  • SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
    • libreoffice-base-debuginfo-5.4.5.1-40.24.1
    • libreoffice-base-drivers-mysql-debuginfo-5.4.5.1-40.24.1
    • libreoffice-base-drivers-postgresql-5.4.5.1-40.24.1
    • libreoffice-gnome-debuginfo-5.4.5.1-40.24.1
    • libreoffice-5.4.5.1-40.24.1
    • libreoffice-debuginfo-5.4.5.1-40.24.1
    • libreoffice-gnome-5.4.5.1-40.24.1
    • libreoffice-officebean-5.4.5.1-40.24.1
    • libreoffice-pyuno-5.4.5.1-40.24.1
    • libreoffice-draw-debuginfo-5.4.5.1-40.24.1
    • libreoffice-math-5.4.5.1-40.24.1
    • libreoffice-debugsource-5.4.5.1-40.24.1
    • libreoffice-impress-5.4.5.1-40.24.1
    • libreoffice-base-5.4.5.1-40.24.1
    • libreoffice-pyuno-debuginfo-5.4.5.1-40.24.1
    • libreoffice-writer-extensions-5.4.5.1-40.24.1
    • libreoffice-impress-debuginfo-5.4.5.1-40.24.1
    • libreoffice-officebean-debuginfo-5.4.5.1-40.24.1
    • libreoffice-calc-5.4.5.1-40.24.1
    • libreoffice-mailmerge-5.4.5.1-40.24.1
    • libreoffice-writer-5.4.5.1-40.24.1
    • libreoffice-calc-debuginfo-5.4.5.1-40.24.1
    • libreoffice-math-debuginfo-5.4.5.1-40.24.1
    • libreoffice-draw-5.4.5.1-40.24.1
    • libreoffice-calc-extensions-5.4.5.1-40.24.1
    • libreoffice-filters-optional-5.4.5.1-40.24.1
    • libreoffice-writer-debuginfo-5.4.5.1-40.24.1
    • libreoffice-base-drivers-mysql-5.4.5.1-40.24.1
    • libreoffice-base-drivers-postgresql-debuginfo-5.4.5.1-40.24.1
    • libreofficekit-5.4.5.1-40.24.1
  • SUSE Linux Enterprise Desktop 12 SP2 (noarch)
    • libreoffice-l10n-xh-5.4.5.1-40.24.1
    • libreoffice-l10n-sk-5.4.5.1-40.24.1
    • libreoffice-l10n-pt_BR-5.4.5.1-40.24.1
    • libreoffice-l10n-hu-5.4.5.1-40.24.1
    • libreoffice-l10n-cs-5.4.5.1-40.24.1
    • libreoffice-icon-theme-galaxy-5.4.5.1-40.24.1
    • libreoffice-l10n-ca-5.4.5.1-40.24.1
    • libreoffice-l10n-en-5.4.5.1-40.24.1
    • libreoffice-l10n-hi-5.4.5.1-40.24.1
    • libreoffice-l10n-zh_CN-5.4.5.1-40.24.1
    • libreoffice-l10n-pt_PT-5.4.5.1-40.24.1
    • libreoffice-l10n-ja-5.4.5.1-40.24.1
    • libreoffice-l10n-de-5.4.5.1-40.24.1
    • libreoffice-l10n-af-5.4.5.1-40.24.1
    • libreoffice-l10n-ar-5.4.5.1-40.24.1
    • libreoffice-l10n-ru-5.4.5.1-40.24.1
    • libreoffice-l10n-ro-5.4.5.1-40.24.1
    • libreoffice-l10n-fi-5.4.5.1-40.24.1
    • libreoffice-icon-theme-tango-5.4.5.1-40.24.1
    • libreoffice-l10n-zu-5.4.5.1-40.24.1
    • libreoffice-l10n-it-5.4.5.1-40.24.1
    • libreoffice-l10n-es-5.4.5.1-40.24.1
    • libreoffice-l10n-nb-5.4.5.1-40.24.1
    • libreoffice-l10n-nl-5.4.5.1-40.24.1
    • libreoffice-l10n-sv-5.4.5.1-40.24.1
    • libreoffice-l10n-da-5.4.5.1-40.24.1
    • libreoffice-l10n-fr-5.4.5.1-40.24.1
    • libreoffice-l10n-pl-5.4.5.1-40.24.1
    • libreoffice-l10n-ko-5.4.5.1-40.24.1
    • libreoffice-l10n-nn-5.4.5.1-40.24.1
    • libreoffice-l10n-zh_TW-5.4.5.1-40.24.1
    • libreoffice-l10n-gu-5.4.5.1-40.24.1
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 x86_64)
    • libreoffice-sdk-debuginfo-5.4.5.1-40.24.1
    • libreoffice-debugsource-5.4.5.1-40.24.1
    • libreoffice-debuginfo-5.4.5.1-40.24.1
    • libreoffice-sdk-5.4.5.1-40.24.1
  • SUSE Linux Enterprise Workstation Extension 12 SP2 (x86_64)
    • libreoffice-base-debuginfo-5.4.5.1-40.24.1
    • libreoffice-base-drivers-mysql-debuginfo-5.4.5.1-40.24.1
    • libreoffice-base-drivers-postgresql-5.4.5.1-40.24.1
    • libreoffice-gnome-debuginfo-5.4.5.1-40.24.1
    • libreoffice-5.4.5.1-40.24.1
    • libreoffice-debuginfo-5.4.5.1-40.24.1
    • libreoffice-gnome-5.4.5.1-40.24.1
    • libreoffice-officebean-5.4.5.1-40.24.1
    • libreoffice-pyuno-5.4.5.1-40.24.1
    • libreoffice-draw-debuginfo-5.4.5.1-40.24.1
    • libreoffice-math-5.4.5.1-40.24.1
    • libreoffice-debugsource-5.4.5.1-40.24.1
    • libreoffice-impress-5.4.5.1-40.24.1
    • libreoffice-base-5.4.5.1-40.24.1
    • libreoffice-pyuno-debuginfo-5.4.5.1-40.24.1
    • libreoffice-writer-extensions-5.4.5.1-40.24.1
    • libreoffice-impress-debuginfo-5.4.5.1-40.24.1
    • libreoffice-officebean-debuginfo-5.4.5.1-40.24.1
    • libreoffice-calc-5.4.5.1-40.24.1
    • libreoffice-mailmerge-5.4.5.1-40.24.1
    • libreoffice-writer-5.4.5.1-40.24.1
    • libreoffice-calc-debuginfo-5.4.5.1-40.24.1
    • libreoffice-math-debuginfo-5.4.5.1-40.24.1
    • libreoffice-draw-5.4.5.1-40.24.1
    • libreoffice-calc-extensions-5.4.5.1-40.24.1
    • libreoffice-filters-optional-5.4.5.1-40.24.1
    • libreoffice-writer-debuginfo-5.4.5.1-40.24.1
    • libreoffice-base-drivers-mysql-5.4.5.1-40.24.1
    • libreoffice-base-drivers-postgresql-debuginfo-5.4.5.1-40.24.1
    • libreofficekit-5.4.5.1-40.24.1
  • SUSE Linux Enterprise Workstation Extension 12 SP2 (noarch)
    • libreoffice-l10n-xh-5.4.5.1-40.24.1
    • libreoffice-l10n-sk-5.4.5.1-40.24.1
    • libreoffice-l10n-pt_BR-5.4.5.1-40.24.1
    • libreoffice-l10n-hu-5.4.5.1-40.24.1
    • libreoffice-l10n-cs-5.4.5.1-40.24.1
    • libreoffice-icon-theme-galaxy-5.4.5.1-40.24.1
    • libreoffice-l10n-ca-5.4.5.1-40.24.1
    • libreoffice-l10n-en-5.4.5.1-40.24.1
    • libreoffice-l10n-hi-5.4.5.1-40.24.1
    • libreoffice-l10n-zh_CN-5.4.5.1-40.24.1
    • libreoffice-l10n-pt_PT-5.4.5.1-40.24.1
    • libreoffice-l10n-ja-5.4.5.1-40.24.1
    • libreoffice-l10n-hr-5.4.5.1-40.24.1
    • libreoffice-l10n-de-5.4.5.1-40.24.1
    • libreoffice-l10n-af-5.4.5.1-40.24.1
    • libreoffice-l10n-zh_TW-5.4.5.1-40.24.1
    • libreoffice-l10n-ar-5.4.5.1-40.24.1
    • libreoffice-l10n-ru-5.4.5.1-40.24.1
    • libreoffice-l10n-ro-5.4.5.1-40.24.1
    • libreoffice-l10n-fi-5.4.5.1-40.24.1
    • libreoffice-icon-theme-tango-5.4.5.1-40.24.1
    • libreoffice-l10n-zu-5.4.5.1-40.24.1
    • libreoffice-l10n-it-5.4.5.1-40.24.1
    • libreoffice-l10n-es-5.4.5.1-40.24.1
    • libreoffice-l10n-nb-5.4.5.1-40.24.1
    • libreoffice-l10n-nl-5.4.5.1-40.24.1
    • libreoffice-l10n-sv-5.4.5.1-40.24.1
    • libreoffice-l10n-da-5.4.5.1-40.24.1
    • libreoffice-l10n-fr-5.4.5.1-40.24.1
    • libreoffice-l10n-lt-5.4.5.1-40.24.1
    • libreoffice-l10n-bg-5.4.5.1-40.24.1
    • libreoffice-l10n-pl-5.4.5.1-40.24.1
    • libreoffice-l10n-ko-5.4.5.1-40.24.1
    • libreoffice-l10n-nn-5.4.5.1-40.24.1
    • libreoffice-l10n-uk-5.4.5.1-40.24.1
    • libreoffice-l10n-gu-5.4.5.1-40.24.1

References: